iriver/photography
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17078683e618e2e7ff4c559d813fc5433f6881ac
photography/backend-old/internal/service/auth/auth_service.go
xujiang 604b9e59ba fix
2025-07-10 18:09:11 +08:00

249 lines
6.3 KiB
Go
Raw Blame History

package auth
import (
"fmt"
"golang.org/x/crypto/bcrypt"
"photography-backend/internal/model/entity"
"photography-backend/internal/model/dto"
"photography-backend/internal/repository/postgres"
)
// AuthService 认证服务
type AuthService struct {
userRepo postgres.UserRepository
jwtService *JWTService
}
// NewAuthService 创建认证服务
func NewAuthService(userRepo postgres.UserRepository, jwtService *JWTService) *AuthService {
return &AuthService{
userRepo: userRepo,
jwtService: jwtService,
}
}
// Login 用户登录
func (s *AuthService) Login(req *dto.LoginRequest) (*dto.LoginResponse, error) {
// 根据用户名或邮箱查找用户
var user *entity.User
var err error
// 按邮箱查找用户
user, err = s.userRepo.GetByEmail(req.Email)
if err != nil {
return nil, fmt.Errorf("failed to get user by email: %w", err)
}
if user == nil {
return nil, fmt.Errorf("invalid credentials")
}
// 检查用户是否激活
if !user.IsActive {
return nil, fmt.Errorf("user account is deactivated")
}
// 验证密码
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.Password)); err != nil {
return nil, fmt.Errorf("invalid credentials")
}
// 生成JWT令牌
tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role))
if err != nil {
return nil, fmt.Errorf("failed to generate tokens: %w", err)
}
// 更新最后登录时间
if err := s.userRepo.UpdateLastLogin(user.ID); err != nil {
// 记录错误但不中断登录流程
fmt.Printf("failed to update last login: %v\n", err)
}
// 清除密码字段
user.Password = ""
return &dto.LoginResponse{
Token: dto.TokenResponse{
AccessToken: tokenPair.AccessToken,
RefreshToken: tokenPair.RefreshToken,
TokenType: tokenPair.TokenType,
ExpiresIn: tokenPair.ExpiresIn,
},
User: *dto.ConvertToUserResponse(user),
}, nil
}
// Register 用户注册
func (s *AuthService) Register(req *dto.CreateUserRequest) (*entity.User, error) {
// 检查用户名是否已存在
existingUser, err := s.userRepo.GetByUsername(req.Username)
if err != nil {
return nil, fmt.Errorf("failed to check username: %w", err)
}
if existingUser != nil {
return nil, fmt.Errorf("username already exists")
}
// 检查邮箱是否已存在
existingUser, err = s.userRepo.GetByEmail(req.Email)
if err != nil {
return nil, fmt.Errorf("failed to check email: %w", err)
}
if existingUser != nil {
return nil, fmt.Errorf("email already exists")
}
// 加密密码
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
return nil, fmt.Errorf("failed to hash password: %w", err)
}
// 创建用户
user := &entity.User{
Username: req.Username,
Email: req.Email,
Password: string(hashedPassword),
Name: req.Name,
Role: req.Role,
IsActive: true,
}
// 如果没有指定角色,默认为普通用户
if user.Role == "" {
user.Role = entity.UserRoleUser
}
if err := s.userRepo.Create(user); err != nil {
return nil, fmt.Errorf("failed to create user: %w", err)
}
// 清除密码字段
user.Password = ""
return user, nil
}
// RefreshToken 刷新令牌
func (s *AuthService) RefreshToken(req *dto.RefreshTokenRequest) (*dto.LoginResponse, error) {
// 验证刷新令牌
claims, err := s.jwtService.ValidateToken(req.RefreshToken)
if err != nil {
return nil, fmt.Errorf("invalid refresh token: %w", err)
}
// 获取用户信息
user, err := s.userRepo.GetByID(claims.UserID)
if err != nil {
return nil, fmt.Errorf("failed to get user: %w", err)
}
if user == nil {
return nil, fmt.Errorf("user not found")
}
// 检查用户是否激活
if !user.IsActive {
return nil, fmt.Errorf("user account is deactivated")
}
// 生成新的令牌对
tokenPair, err := s.jwtService.GenerateTokenPair(user.ID, user.Username, string(user.Role))
if err != nil {
return nil, fmt.Errorf("failed to generate tokens: %w", err)
}
// 清除密码字段
user.Password = ""
return &dto.LoginResponse{
Token: dto.TokenResponse{
AccessToken: tokenPair.AccessToken,
RefreshToken: tokenPair.RefreshToken,
TokenType: tokenPair.TokenType,
ExpiresIn: tokenPair.ExpiresIn,
},
User: *dto.ConvertToUserResponse(user),
}, nil
}
// GetUserByID 根据ID获取用户
func (s *AuthService) GetUserByID(id uint) (*entity.User, error) {
user, err := s.userRepo.GetByID(id)
if err != nil {
return nil, fmt.Errorf("failed to get user: %w", err)
}
if user == nil {
return nil, fmt.Errorf("user not found")
}
// 清除密码字段
user.Password = ""
return user, nil
}
// UpdatePassword 更新密码
func (s *AuthService) UpdatePassword(userID uint, req *dto.ChangePasswordRequest) error {
// 获取用户信息
user, err := s.userRepo.GetByID(userID)
if err != nil {
return fmt.Errorf("failed to get user: %w", err)
}
if user == nil {
return fmt.Errorf("user not found")
}
// 验证旧密码
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(req.OldPassword)); err != nil {
return fmt.Errorf("invalid old password")
}
// 加密新密码
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
if err != nil {
return fmt.Errorf("failed to hash password: %w", err)
}
// 更新密码
user.Password = string(hashedPassword)
if err := s.userRepo.Update(user); err != nil {
return fmt.Errorf("failed to update password: %w", err)
}
return nil
}
// CheckPermission 检查权限
func (s *AuthService) CheckPermission(userRole entity.UserRole, requiredRole entity.UserRole) bool {
roleLevel := map[entity.UserRole]int{
entity.UserRoleUser: 1,
entity.UserRolePhotographer: 2,
entity.UserRoleAdmin: 3,
}
userLevel, exists := roleLevel[userRole]
if !exists {
return false
}
requiredLevel, exists := roleLevel[requiredRole]
if !exists {
return false
}
return userLevel >= requiredLevel
}
// IsAdmin 检查是否为管理员
func (s *AuthService) IsAdmin(userRole entity.UserRole) bool {
return userRole == entity.UserRoleAdmin
}
// IsPhotographer 检查是否为摄影师或以上
func (s *AuthService) IsPhotographer(userRole entity.UserRole) bool {
return userRole == entity.UserRolePhotographer || userRole == entity.UserRoleAdmin
}
Reference in New Issue View Git Blame Copy Permalink